[Secure-testing-commits] r13369 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Nov 24 21:14:14 UTC 2009


Author: joeyh
Date: 2009-11-24 21:14:14 +0000 (Tue, 24 Nov 2009)
New Revision: 13369

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-24 19:55:26 UTC (rev 13368)
+++ data/CVE/list	2009-11-24 21:14:14 UTC (rev 13369)
@@ -1,3 +1,43 @@
+CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the "My ...)
+	TODO: check
+CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the ...)
+	TODO: check
+CVE-2009-4064 (Cross-site scripting (XSS) vulnerability in the Gallery Assist module ...)
+	TODO: check
+CVE-2009-4063 (Cross-site scripting (XSS) vulnerability in the Subgroups for Organic ...)
+	TODO: check
+CVE-2009-4062 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
+CVE-2009-4061 (Multiple cross-site scripting (XSS) vulnerabilities in the Agreement ...)
+	TODO: check
+CVE-2009-4060 (SQL injection vulnerability in includes/content/viewProd.inc.php in ...)
+	TODO: check
+CVE-2009-4059 (SQL injection vulnerability in the JoomClip (com_joomclip) component ...)
+	TODO: check
+CVE-2009-4058 (SQL injection vulnerability in allauctions.php in Telebid Auction ...)
+	TODO: check
+CVE-2009-4057 (SQL injection vulnerability in the inertialFATE iF Portfolio Nexus ...)
+	TODO: check
+CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...)
+	TODO: check
+CVE-2009-4055
+	RESERVED
+CVE-2009-4054 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
+	TODO: check
+CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server ...)
+	TODO: check
+CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget ...)
+	TODO: check
+CVE-2009-4051 (Home FTP Server 1.10.1.139 allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2009-4050 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...)
+	TODO: check
+CVE-2009-4049 (Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in ...)
+	TODO: check
+CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated ...)
+	TODO: check
+CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...)
+	TODO: check
 CVE-2009-XXXX [Cacti Multiple Script Insertion Vulnerabilities]
 	- cacti <unfixed>
 	TODO: check
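Review bot: all twenty imported entries from CVE-2009-4066 down to CVE-2009-4047 land with only `TODO: check`, so none of them yet says whether the affected software is a Debian source package or should be marked `NOT-FOR-US`; the triage pass after this automatic update needs to resolve each one, since a bare TODO is indistinguishable from an untracked issue. CVE-2009-4055, which has no description yet, correctly keeps `RESERVED` instead of a TODO.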
@@ -195,8 +235,7 @@
 	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
 	[etch] - dovecot <not-affected> (Only affects 1.2.x)
 	NOTE: http://www.dovecot.org/list/dovecot-news/2009-November/000143.html, CVE requested on oss-sec
-CVE-2009-4017 [php temporary files exhaustion DoS]
-	RESERVED
+CVE-2009-4017 (PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of ...)
 	- php5 5.2.11.dfsg.1-2 (medium)
 	- php4 <unfixed> (medium)
 	NOTE: workarounds include using 5.3.1 or php5-suhosin
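Review bot: the local summary `[php temporary files exhaustion DoS]` is discarded when the official description arrives, but the imported text is cut off at "does not restrict the number of ...", so the entry no longer states what resource is exhausted; consider carrying the short local summary over into a `NOTE:` line next to the existing workaround note so the entry stays self-explanatory.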
@@ -210,6 +249,7 @@
 	[lenny] - php-mail  1.1.14-1+lenny1
 	[etch] - php-mail 1.1.6-2+etch1
 CVE-2009-4021 [fuse_put_request() invalid pointer dereference]
+	RESERVED
 	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <removed> (low)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734
@@ -473,8 +513,8 @@
 	RESERVED
 CVE-2009-3844
 	RESERVED
-CVE-2009-3843
-	RESERVED
+CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a &quot;hidden account&quot; in ...)
+	TODO: check
 CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...)
 	NOT-FOR-US: HP Color LaserJet
 CVE-2009-3841 (Unspecified vulnerability in HP Discovery &amp; Dependency Mapping ...)
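Review bot: the imported description for CVE-2009-3843 contains HTML entities (`&quot;hidden account&quot;`), and the unchanged CVE-2009-3841 line shows the same artefact (`&amp;`), which indicates the automatic importer is not decoding entities from its source; decoding at import time would keep the list readable and searchable. The new entry is also left at `TODO: check` while the adjacent HP entries are `NOT-FOR-US`, so the triage should settle whether HP Operations Manager on Windows belongs in the same category.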
@@ -1226,16 +1266,13 @@
 	NOT-FOR-US: Xerver HTTP Server
 CVE-2009-3560
 	RESERVED
-CVE-2009-3559
-	RESERVED
+CVE-2009-3559 (** DISPUTED ** ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: safe_mode regression
-CVE-2009-3558
-	RESERVED
+CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: open_basedir bypass
-CVE-2009-3557
-	RESERVED
+CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: safe_mode bypass
 CVE-2009-3556
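Review bot: for CVE-2009-3559 the imported text is just `** DISPUTED ** ...`, so the truncation has swallowed the entire summary and the entry now depends on the local `NOTE: safe_mode regression` to say what the issue is; when a description begins with a status marker the importer should keep more of the text that follows it. All three entries (CVE-2009-3559, CVE-2009-3558, CVE-2009-3557) retain `php5 <unfixed> (unimportant)` from before the descriptions were available, which is worth a second look now that the official text is in.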
@@ -1268,7 +1305,7 @@
 	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
 	- linux-2.6 2.6.31-2 (high)
 	- linux-2.6.24 <removed> (high)
-CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the ...)
+CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...)
 	{DSA-1936-1}
 	- libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534)
 	- php5 <not-affected> (the php packages use the system libgd2)
@@ -1887,14 +1924,14 @@
 	- advi 1.6.0-15 (low; bug #551282)
 CVE-2009-3295
 	RESERVED
-CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11, when ...)
+CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and ...)
 	- php5 <not-affected> (win32-specific)
 CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP ...)
 	- php5 <not-affected> (the php packages use the system libgd2)
 	- php4 <not-affected> (the php packages use the system libgd2)
 	NOTE: the transparent colours functionality is only on php5's bundled libgd2
 	TODO: watch for possible merge of the transparent colours functionality into libgd2
-CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11 has unknown impact and ...)
+CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...)
 	- php5 5.2.11.dfsg.1-1 (low)
 	NOTE: unknown impact, it is related to missing sanity checks
 	NOTE: when determining the length of sections of jpg headers
@@ -23503,7 +23540,7 @@
 	- speex 1.2~beta2-1 (medium)
 	- libfishsound 0.7.0-2.2 (medium; bug #475152)
 	- xine-lib 1.1.12-1 (medium)
-CVE-2008-1685 (gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not ...)
+CVE-2008-1685 (** DISPUTED ** ...)
 	- gcc-4.3 4.3.1-1 (bug #482698; unimportant)
 	NOTE: dup of CVE-2006-1902 which is fixed in Debian?
 CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...)
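Review bot: replacing the CVE-2008-1685 description with `** DISPUTED ** ...` removes the only text on the page saying what the issue concerns (gcc 4.2.0 through 4.3.0, cast handling), and the open question in `NOTE: dup of CVE-2006-1902 which is fixed in Debian?` remains unanswered; keep the previous wording in a `NOTE:` line and resolve the duplicate question so the `(unimportant)` rating rests on something recorded in the entry.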
@@ -61193,9 +61230,9 @@
 	{DSA-947-1}
 	- clamav 0.88-1
 CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...)
-        - amsn <unfixed> (low; bug #557754)
-        [etch] - amsn <no-dsa> (minor issue)
-        [lenny] - amsn <no-dsa> (minor issue)
+	- amsn <unfixed> (low; bug #557754)
+	[etch] - amsn <no-dsa> (minor issue)
+	[lenny] - amsn <no-dsa> (minor issue)
 CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...)
 	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
 CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...)
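Review bot: this hunk is a whitespace-only change that normalises the three amsn lines from eight leading spaces to a single tab, matching every other indented line in this diff; no content changes, and the package, severity, bug reference and `<no-dsa>` markers are preserved verbatim.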